Jump to content


Android SDK updated to 1.5 r2 - security fix!

- - - - -
Started by PaulOBrien , May 26 2009 04:31 PM

  • Please log in to reply
No replies to this topic

#1
PaulOBrien
Posted 26 May 2009 - 04:31 PM

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 35,530 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
Posted Image
The Android SDK has been updated to version 1.5 r2, downloadable as always from the Android SDK Home Page.

The release notes state...

Quote

This SDK release provides the same developer tools as the Android 1.5 SDK, Release 1, but provides an updated Android 1.5 system image that includes a security patch for the issue described in the oCert advisory below:

http://www.ocert.org...t-2009-006.html
which in turn reveals...

Quote

Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission.

Normally, Android applications will be allowed to share a uid if the packages are all signed by the same developer certificate and request permission to do so at install-time. This allows for packages from the same author to share data. Without enforcement of that behavior, it is possible for any application to be installed in such a manner that it gains access to another (existing) application's data.
Interesting... also the probable cause of the Cupcake update delays perhaps?

P

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image

Back to Android News · Next Unread Topic →


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. MoDaCo
  2. Newsroom
  3. Android News